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(54) Abstract Title 

Using biometrics on pervasive devices for mobile identification of ttiird parties 



(57) A biometric device of the prior art (e.g. fingerprint or 
palm print analysis, retinal scanning, voice print analysis) 
is attached to, or incorporated within, a pervasive device 
{e.g. cellular phone, wearable computer, PDAs, handheld 
computer). This augmented pervasive device may then be 
used for capturing biometric information from an arbitrary 
third party in an arbitrary location. The captured 
information is analyzed to determine the third party's 
identification, access rights, etc. as needed by a particular 
application. This can involve transmitting the biometric 
information from the pervasive device to a server, and 
returning retrieved information, which may comprise a 
photograph of the third party, access rights, or protected 
information (e.g. a trusted message), to the pervasive 
device. Possible applications include enabling on-demand 
creation of a secure meeting site by repeating operation of 
the capturing and identification for each of a plurality of 
meeting attendees. This solution capitalizes on the 
portability, functionality and communication capability of 
the pervasive device to provide a flexible, powerful 
biometric identification technique at relatively low cost. 
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FERVASXVE DEVXCSS XDENTXFXCATIOM 
BACKGROXjm OF THE INVEirrXON 

Field of the Invention 

The present invention relates to a computer system, and deals more 
particularly with a method, system, and computer program product for using 
biometrics on pervasive devices for purposes of mobile identification. 

Description of the Related Art 

Pervasive devices, sometimes referred to as pervasive computing 
devices, are becoming increasingly popular, and their functionality (in 
terms of communication and processing capaibilities) is increasing rapidly 
as well. Pervasive devices are often quite different from the devices an 
end- user might use in an office setting, such as a desktop computer. 
Typically, a pervasive device is small, lightweight, and may have a 
relatively limited amoxmt of storage. Example devices include: cellular 
phones which are enabled for communicating with the Internet or World Wide 
Web ('"Web"); wearable computing devices; devices mounted in a vehicle, such 
as an on-board navigation system; computing devices adapted to use in the 
home, such as an intelligent sensor built into a kitchen appliance; mobile 
computers; programmable digital assistants, or PDAs''; handheld coii^uters 
such as the PalmPilot from 3Com Corporation and the WorkPad from the 
International Business Machines Corporations (^IBM"); etc, ("PalmPilot* is 
a trademark of 3Cot Corporation, and "WorkPad" is a registered trademark of 
IBM. ) 

Many pervasive devices are designed for portable use, and therefore 
are often adapted for connecting to a network. Because of their 
portability, these smaller devices typically enable the user to perform 
computing functions regardless of where he or she happens to be at the 
time, cuid some allow a user to easily transport the device as the user 
moves about in his or her daily activities. While early examples of these 
devices were somewhat expensive to operate, requiring a relatively 
e^ensive wireless network connection with limited band%d.dth, the 
processing speeds of these devices are becoming faster and network 
bandwidth is growing quickly. As these smaller, more portable types of 
confuting devices become more affordable and more poptilar among consximers, 
the demand for consumer access to data will continue to grow by leaps and 



bounds. This demand will drive new innovation that will lead to further 
increases in processing speeds and increased network bandwidth, making use 
of such devices more affordable and more widely accepted. As this trend 
continues, the idea of transmitting larger and larger amounts of data via 
the pervasive device will not be considered a barrier to its use. 
Furthermore, valuable new ways of exploiting these devices will be 
discovered. One field which has not yet been adapted to use by pervasive 
devices is biometrics. 



Biometrics is the field of statistically analyzing biological data. 
Biometric techniques in common use today include retinal scanning, 
fingerprint and palm print analysis, and voice print analysis. Biometric 
devices with which biometric information can be captured and processed are 
increasingly being used to enable identifying the owner of a resource, 
and/or for controlling access to a resource. Typically, the resources are 
stationary or somewhat fixed in physical location. Example scenarios where 
biometrics are commonly used include: controlling access to bank accounts 
through automated teller machines; controlling access to personal 
computers; and for identification with residential and commercial secxirity 
systems . 



U. S. Patent 5,915,973, entitled "System for Administration of 
Remotely-Proctored, Secure Examinations and Methods Therefor", issued to 
Hoehn-Saric et al. and referred to hereinafter as the *973 patent, 
discloses a technique for using biometric data to protect access to a 
stationary testing site where a person is to be tested on some arbitrary 
topic. Biometric information about the test taker is used to create a 
registration card that is subsequently used to identify properly registered 
test takers. Biometric information is used again to enable delivery of 
test data (e.g. questions to be answered) to a test taker from a remote 
storage location, or to unlock the device on which the test data resides 
locally. 



U. S. Patent 5,222,152, entitled "Portable Fingerprint Scanning 
Apparatus for Identification Verification", issued to Fishbine et al, and 
referred to hereinafter as the ^152 patent, discloses a scanning device 
which scans and records fingerprint images and then transmits the images to 
a separate mobile unit for digitizing. The fingerprint information is 
subsequently transmitted from the mobile unit to a base unit at a central 
location for determining the identity of the person being fingerprinted and 
for performing a background check on that person. U. S. Patent 5,467,403 
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(referred to hereinafter as the *403 patent), which is also entitled 
^Porta±)le Fingerprint Scanning Apparatus for Identification Verification" 
and issued to Fishbine et al. as a continuation-in-part of U. S. 5,222,152, 
further discloses a highly- integrated camera for capturing a photographic 
5 image of the person being fingerprinted. The portable image collection 

device is designed as a plug- in to a separate charger/cradle device 
(referred to as the ^base unit") which is preferably mounted in a police 
patrol car. The collected information is transferred from the portable 
device to the separate base unit, and is then sent from the base unit to 

10 the police station for comparison purposes. Addition of a small scale 

QWERTY keyboard (as in a notebook computer)" to the portcdDle device is 
referenced in regard to controlling operation of the device, directing it 
to toggle between fingerprint and mug shot mode; capture an image; display 
a menu of functions; and select a displayed function. Addition of 

15 nonvolatile memory to the portable device is described as an alternative 

embodiment where images are stored with the portable device for later 
transmission to the base unit, rather than requiring a tether or wireless 
transmitter for that purpose (as in the preferred embodiment) . 

20 However, none of these references teaches use of biometrics with 

pervasive devices. The '973 patent is for use in a fixed, stationary 
application (the testing site). The '152 and M03 patents use a portable 
device for capturing fingerprint data cuid photographic images, but require 
this portable device to transmit information to another device (referred to 

25 therein as a mobile unit and a base unit, respectively) , where that second 

device transmits the information to a central processing location. 

Accordingly, what is needed is a solution that capitalizes on the 
portability and functionality, as well as the built-in communication 
30 capability, of pervasive devices to provide an improved technique for 

performing biometric analysis. 

SUMK&RY OF THE IKVEHTION 

35 An object of at least the embodiment of the present invention is to 

provide an improved technique for use of biometric information as 
identification . 



40 



Another such object of the present invention is to provide this 
techniG[ue in a manner ii^ereby an augmented pervsisive device is used to 
capture biometric information. 
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Another such object of the present invention is to provide this 
technique such that the pervasive device sends the captured biometric 
information to a central site for analysis. 

5 Yet another such object of the present invention is to capitalize on 

the portability and functionality, as well as the built-in communication 
capability, of pervasive devices to provide an improved technique for 
performing biometric analysis. 

^0 Other such objects and advantages of the present invention will be 

set forth in part in the description and in the drawings which follow and, 
in part, will be obvious from the description or may be learned by practice 
of the invention. 

^5 aspect of the invention provides a system according to claim 1. 

A second aspect of the invention provides a system according to claim 
A third aspect of the invention provides a system according to claim 

20 20. 

This technique may further comprise: transmitting the captured 
biometric data from the mobile pervasive device to a remote server; 
retrieving, by the remote server, information from a repository using the 

25 transmitted biometric data; and returning the retrieved information to the 

mobile pervasive device. The retrieved information may con^rise a 
photograph of a party to whom the biometric data corresponds. Or, the 
retrieved information may comprise access rights of a party to whom the 
biometric data corresponds, protected infonnation not locally accessible to 

30 the mobile pervasive device, or some other type of information. 

The technique may also comprise filtering, by the remote server, the 
retrieved information based upon a determined identity of the third party, 
in which case the returned retrieved information is the filtered reprieved 
35 information. 

The mobile pervasive device may further comprise a locally- stored 
repository containing the previously- stored biometric data, and wherein the 
identification compares, by the mobile pervasive device, the captured 
40 biometric data to the previously-stored biometric data in the 

locally- stored repository. 
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In one aspect, chis technique may be used to enable on-demand 
creation of a secure meeting site by repeating operation of the capturing 
and the identifying for each of a plurality of meeting attendees. In 
another aspect, this technique may be used to exchange a trusted message by 
5 performing operation of the capturing and the identifying wherein the third 

party is a potential recipient of the trusted message. 

The present invention will now be described with reference to the 
following drawings, in which like reference numbers denote the same element 
1 0 throughout * 

BRIEF DBSCRIPTION OF THE DRAWINGS 

Figure 1 is a block diagram of a computer workstation environment in 
15 which the present invention may be practiced; 

Figure 2 is a diagram of a networked computing environment in which 
the present invention may be practiced; cuid 

20 Figure 3 illustrates the logic with which a preferred embodiment of 

the present invention may be implemented, 

DBSCRXFTXON OF THE PREFERRED EMBODIBIEOT 

25 Fig. 1 illustrates a representative workstation hardware environment 

in which the present invention may be practiced. The environment of Fig, 1 
comprises a representative single user conputer workstation 10, which for 
purposes of the present invention is a pervasive device such as a handheld 
conputer, laptop con^uter, cellular phone, screen phone, etc., including 

30 related peripheral devices. The workstation 10 includes a microprocessor 

12 and a bus 14 employed to connect cuxd enable communication between the 
microprocessor 12 and the components of the workstation 10 in accordance 
with known techniques. The workstation 10 typically includes a user 
interface adapter 16, which connects the microprocessor 12 via the bus 14 

35 to one or more interface devices, such ais a keyboard 18, mouse 20, and/or 

other interface devices 22, such as a user interface device (which may be a 
touch sensitive screen, digitized entry pad, etc.). The bxxs 14 also 
connects a display device 24, such as an LCD screen or monitor, to the 
microprocessor 12 via a display adapter 26. The bus 14 also connects the 

40 microprocessor 12 to memory 28 and long-term storage 30 which can include a 

hard drive, diskette drive, tape drive, etc. 



The workstation 10 may conanunicate with other computers or networks 
of computers, preferably using a wireless interface at 32, such as a CDPD 
(cellular digital packet data) card. The workstation 10 may be associated 
with such other con^uters in a LAN or a WAN, or the workstation 10 can be a 
client in a client/server arrangement with another computer, etc. All of 
these configurations, as well as the appropriate communications hardware 
and software, are known in the art. 

Fig. 2 illustrates a network computing environment 40 in which the 
present invention may be practiced. The network confuting environment 40 
may include a plurality of individual networks, such as wireless network 42 
and network 44, each of which may include a plurality of individual 
workstations 10. Additionally, as those sJcilled in the art will 
appreciate, one or more LANs may be included {not shown), where a LAN may 
comprise a plurality of intelligent workstations coupled to a host 
processor. 

Still referring to Fig. 2, the networks 42 and 44 may also include 
mainframe computers or searvers, such as a gateway computer 46 or 
application server 47 (which may access a data repository 48). A gateway 
computer 46 serves as a point of entry into each network 44. The gateway 
46 may be preferably coupled to another network 42 by means of a 
communications link 50a. The gateway 46 may also be directly coupled to 
one or more workstations 10 using a communications link 50b, 50c. The 
gateway computer 46 may be implemented utilizing an Enterprise Systems 
Architecture/370 available from IBM, an Enterprise Systems Architecture/390 
computer, etc. Depending on the application, a midrange con^uter, such as 
an Application System/400 (also known as an AS/400) may be employed. 
(^^Enterprise Systems Architecture/370" is a trademark of IBM; "Enterprise 
Systems Architecture/3 90", "Application System/400'', and ^*AS/400" are 
registered trademarks of IBM.) 

The gateway computer 46 may also be coupled 49 to a storage device 
(such as data repository 48) . Further, the gateway 46 may be directly or 
indirectly coupled to one or more workstations 10. 

Those skilled in the art will appreciate that the gateway computer 46 
may be located a great geographic distance from the network 42, and 
similarly, the workstations 10 may be located a substantial distcuice from 
the networks 42 and 44. For example, the network 42 may be located in 
California, while the gateway 46 may be located in Texas, and one or more 
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of the workstations 10 may be located in New York. The workstations 10 may 
connect to the wireless network 42 using a networking protocol such as the 
Transmission Control Protocol /Internet Protocol {"^TCP/IP") over a number of 
alternative connection media, such as cellular phone, radio frequency 
5 networks, satellite networks, etc. The wireless network 42 preferably 

connects to the gateway 46 using a network connection 50a such as TCP or 
UDP (User Datagram Protocol) over IP, X.25, Frajne Relay, ISDN {Integrated 
Services Digital Network), PSTN (Public Switched Telephone Network), etc. 
The workstations 10 may alternatively coimect directly to the gateway 46 
10 using dial connections 50b or 50c. Further, the wireless network 42 cuid 

network 44 may connect to one or more other networks (not shown) , in an 
cmalogous manner to that depicted in Fig. 2. 



Software programming code which embodies the present invention is 
15 typically accessed by the microprocessor 12 of the workstation 10 (and/or 

server 47 or gateway 46) from long-term storage media 30 of some type, such 
as a CD-ROM drive or hard drive. The software programming code may be 
embodied on any of a variety of known media for use with a data processing 
system, such as a diskette, hard drive, or CD-ROM. The code may be 
20 distributed on such media, or may be distributed to users from the memory 

or storage of one computer system over a network of some type to other 
computer systems for use by users of such other systems. Alternatively, 
the programming code may be embodied in the memory 28, and accessed by the 
microprocessor 12 using the bus 14. The techniques and methods for 
25 embodying software programming code in memory, on physical media, and/or 

distributing software code via networks are well known and will not be 
further discussed herein. 



In the preferred embodiment, a user of the present invention 
30 preferably connects his or her pervasive device to a server using a 

wireless connection. Wireless connections use media such as satellite 
links, radio frequency waves, and infrared waves. Many connection 
techniques can be used with these various media, such as using a cellular 
modem to estcJblish a wireless connection, etc. The user's device may be 
35 any type of pervasive device having processing and communication 

capabilities. The remote server can be one of any niimber of different 
types of cooputer which have processing and communication capabilities. 
These techniques are well kno%m in the art, and the hardware devices and 
softwaxe which enable their use are readily available. The computing 
40 environment in which the present invention may be used includes an Internet 

environment, an intranet environment, an extranet environment, or any other 
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type of networking environment. These environments may be structured using 
a client-server architecture, a multi-tiered architecture, or an 
alternative network architecture. (In an alternative embodiment, described 
below, communication capabilities are not required, nor is a wireless 
connection to a remote server . ) 

The present invention discloses a technique for using biometrics on 
pervasive devices to enable mobile identification. A biometric device, 
many of which are commercially available, is attached to (or may be 
incorporated within) the pervasive device for the purpose of recording 
"third-party identification (that is, the biometric data of another being 
encountered by the possessor of the pervasive device) . (This is to be 
distinguished from use of biometrics to allow access to the pervasive 
device itself, which is known in the art.) In the preferred embodiment, 
the third-party recorded identity information is then transmitted from this 
augmented pervasive device to a server (such as server 47 of Fig. 2) which 
is capable of doing a search through a data repository to gather all 
information associated with this biometric identity. In this manner, the 
biometric information may be used to validate the identity of an arbitrary 
third party, determine the third party's access privileges, or perform 
other identity- sensitive processing as required by a particular application 
of the present invention. 

The preferred embodiment of the logic with which the present 
invention may be ini)leraented will now be discussed in more detail with 
reference to Fig. 3. 

The logic of Fig. 3 begins at Block 300, where the user of the 
pervasive device approaches or encounters some third party of interest. 
This third party's biometric data is then obtained, using the biometric 
input device which augments the pervasive device, at Block 310. At Block 
320, the biometric information is transmitted 325 from the pervasive device 
to a server over a wireless transmission path of some type, using the 
communication hardware and software which are built into the pervasive 
device . 

The server receives the transmitted information (Block 330) . 
Existing techniques are then used to retrieve 335 information from a data 
repository 340. The retrieved information depends on the application for 
which the biometric data is to be used, but may include such things as the 
third party's identification, background information on the third party. 



the third party' 4 authorized access rights, or a combination of these 

i 

things . j 

\ 

Suppose, for example, that the possessor of the pervasive device has 
a confidential message or package to be delivered to some person who is 
currently unknown to him or her. In this scenario, the retrieved 
information prefersJ^ly includes a picture of the person to whom the 
biometric information corresponds, and perhaps a textual description 
including the date when the picture was taken, selected physical 
characteristics which tend to be invariant (such as height), etc. Or, in a 
scenario where multiple levels of access privileges are indicated, such as 
security- sensitive information that is available in differing degrees of 
detail to different receivers, the retrieved information may indicate what 
level of the protected information is to be divulged to this particular 
third party. In fact, it may be that the information which is being 
protected by biometric identification is not locally accessible to the 
possessor of the pervasive device until such time as the third party has 
been identified (see Block 380) , in which case the information retrieved 
from repository 340 comprises the protected information for which this 
third party is being authorized through use of the present invention. 

At Block 350, the server trcuasmits 355 the information, access 
rights, etc. which have been obtained from repository 340 back to the 
pervasive device. The information (or pertinent parts thereof) is then 
displayed (Block 360) on the display facility of the pervasive device. For 
excunple, when the retrieved information includes a picture of the person 
corresponding to the captured biometric data. Block 360 preferably displays 
this picture. If this identification indicates that the third party is to 
be trusted (Block 370), then access is granted (Block 380) according to the 
scenario in which the mobile identification is being performed. Otherwise, 
access for this third party is denied (Block 390) . Operation of the logic 
of the preferred embodiment then ends with respect to this particular third 
party. 

Note that what constitutes the test performed at Block 370 depends on 
the scenario in which the present invention is being used. Furthermore, 
this test process may be performed at the server prior to sending 
information back to the pervasive device in Block 350, without deviating 
from the inventive concepts of the present invention. This approach is 
preferably used when information having multiple security levels is stored 
at the repository 340, as has been described above, such that the 



10 



information to be displayed on the pervasive device at Block 360 has been 
adapted or filtered as necessary prior to its transmission 355 . When the 
verification is to be performed at the server. Block 320 may additionally 
comprise transmitting a purported identification (such as the text of the 
third party's name) of the third party along with the third party's 
biometric information. 

Another example of advantageously using the present invention 
includes the law enforcement field. Thus, Block 390 indicates that one 
action which may be taken when the third- party verification of Block 370 
has a negative result is to apprehend that third party. While the 
previously-described «152 and -403 patents to Fishbine describe mobile 
identification using fingerprints, they place a requirement for the 
presence of a separate unit (in addition to the device which captures the 
fingerprint image) . That separate unit is used to receive data from the 
fingerprinting device, for example over a tether or by docking the 
fingerprint device into the separate unit. This separate unit then 
transmits information to a central site, and receives the response. The 
present invention removes the need for a separate unit, and thus greatly 
increases the usefulness of biometrics as a law enforcement tool: using 
the present invention, the officer is not required to be within proximity 
of a police car or other location where the separate unit would be mounted. 
Instead, the officer can now perform biometric analysis wherever he or she 
may encounter a suspect, even while working on foot patrol. Because 
pervasive devices are designed to be ultra-lightweight and compact, the 
device which enables use of the present invention will not add 
significantly to the bulk or weight which the officer must carry. 

As another exan^ile, the present invention may be used to provide 
"on-demand security- of a physical site such as a meeting room. Secured 
physical sites are well known in the art where the security is physically 
built into the site itself. Typically, such sites have a biometric reader 
located near the door. Significant expense may be involved in setting up 
the physical site in this maimer. The previously-discussed Hoehn-Saric 
•973 patent, for example, uses a biometric reader to protect access to a 
testing kiosk. The '973 patent describes connecting the protected kiosk to 
the electrical, phone, and HVAC systems of a host site, for example. Once 
a secured physical site has been created according to prior art techniques, 
it remains stationary, if a secured site is needed which is in closer 
proximity to meeting attendees, then a new secured site must be set up. If 
a previously- secured site is no longer desirable at some point in time. 
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then the esqpense which went into creating the physical security may be 
non- recoverable. The present invention, on the other hand, enables a 
secure site to be created on demand, at any location where the pervasive 
device possessor happens to be. Upon traveling to an arbitrary meeting 
location, the pervasive device can be used by its possessor to reliably 
screen each meeting attendee. Thus the secured site may vary over time 
with tremendous flexibility, and has no set-up cost associated with new 
locations (nor wasted costs v^en a previously-used location is no longer 
needed) . 

As an alternative embodiment to that which has been described with 
reference to Fig. 3, the information needed for validating identity {or 
determining access rights, etc.) in a mobile environment may be locally 
available to the pervasive device without deviating from the inventive 
concepts of the present invention- For example, a storage mechanism of the 
pervasive device may contain pre-stored biometric identification of all 
authorized attendees of a particular meeting. The biometric inforroation of 
each person desiring to enter a meeting location secured according to the 
present invention may then be captured and con^ared to the stored 
information (without requiring transmission across a network to a server) , 

As has been demonstrated, the present invention provides a technique 
for efficiently performing mobile identification using a pervasive device 
augmented with a biometric input device. This technic[ue takes advantage of 
existing technology coitqponents , and provides a flexible, powerful solution 
at relatively low cost. 

In sxiiranary there is provided a method, system, and computer program 
product for using biometrics on pervasive devices for purposes of mobile 
identification. A biometric device of the prior art is attached to, or 
incorporated within, a pervasive device. This augmented pervasive device 
may then be used for capt\iring biometric information from an arbitrary 
third party in aui arbitrary location. The captured information is analyzed 
to determine the third party's identification, access rights, etc. as 
needed by a particular application. This solution capitalizes on the 
portsibility and functionality of the pervasive device, as well as its 
built-in communication capcibility, to provide an extremely flexible, 
powerful biometric identification technique at relatively low cost. 

While the preferred embodiment of the present invention has been 
described, additional variations and modifications in that embodiment may 
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occur to those skilled in the art once they learn of the basic inventive 
concepts. Therefore, it is intended that the appended claims shall be 
construed to include both the preferred embodiment and all such variations 
and modifications as fall within the spirit and scope of the invention. 
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CLAIMS 

1,. A system for using biometrics on pervasive devices for mobile 
identification, said system comprising: 

a mobile pervasive device; 

a biometric input reader attached to or incorporated within said 
mobile pervasive device; 

means for capturing biometric data of a third party using said 
biometric input reader; and 

means for identifying said third party using said captured biometric 
data by comparing said captured biometric data to previously- stored 
biometric data. 

2.. The system according to Claim 1, further comprising: 

means for transmitting said captured biometric data from said mobile 
pervasive device to a remote server; 

means for retrieving, by said remote server, information from a 
repository using said transmitted biometric data; and 

means for returning said retrieved information to said mobile 
pervasive device. 

3. The system according to Claim 2, wherein said retrieved information 
comprises a photograph of a party to whom said biometric data corresponds. 

4 . The system according to Claim 2 or 3 , wherein said retrieved 
information comprises access rights of a party to whom said biometric data 
corresponds . 

5. The system according to Claim 2, 3 or 4, wherein said retrieved 
information comprises protected information not locally accessible to said 
mobile pervasive device. 

6. The system according to any one of Claims 2 to 5« further comprising 
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means for filtering, by said remote server, said retrieved 
xnfonnation based upon a determined identity of said third party; and 

wherein said returned retrieved information is said filtered 
retrieved information. 



7. The system according to any one of Claims 1 to 6, wherein said mobile 
pervasive device further comprises a locally- stored repository containing 
saxd previously-stored biometric data, and wherein said means for 
identifying compares, by said mobile pervasive device, said captured 
bxometric data to said previously- stored biometric data in said 

locally- Stored repository. 

8. The system according to any one of Claims 1 to 7, wherein said system 
xs used to enable on-demand creation of a secure meeting site by repeating 
operatxon of said means for capturing and said means for identifying for 
each of a plurality of meeting attendees. 

9- The system according to any one of Claims 1 to 8, wherein said system 
xs used to exchange a trusted message by performing operation of said means 
for capturing and said means for identifying wherein said third party is a 
potential recipient of said trusted message. 

10. A method for using biometrics on pervasive devices for mobile 
identification, said method comprising the steps of: 

capturing biometric data of a third party using a biometric input 
reader attached to or incorporated within a mobile pervasive device; and 

identifying said third party using said captured biometric data by 
comparing said captured biometric data to previously- stored biometric data. 

11. The method according to Claim 10, further comprising the steps of: 

transmitting said captured biometric data from said mobile pervasive 
device to a remote server; 

retrieving, by said remote server, information from a repository 
using said transmitted biometric data; and 

returning said retrieved information to said mobile pervasive device. 
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12. The method according to Claim 11, wherein said retrieved information 
comprises a photograph of a party to whom said biometric data corresponds, 

13. The method according to Claim 11 or 12, wherein said retrieved 
information comprises access rights of a party to whom said biometric data 
corresponds . 

14. - The method according to Claim 11, 12 or 13 wherein said retrieved 
information comprises protected information not locally accessible to said 
mobile pervasive device. 

15. The method according to any one of Claims 11 to 14, fxirther 
comprising the step of: 

filtering, by said remote server, said retrieved information based 
upon a detertnined identity of said third party; and 

wherein said returned retrieved information is said filtered 
retrieved information. 

16. The method according to any one of Claims 10 to 15, wherein said 
mobile pervasive device further comprises a locally- stored repository 
containing said previously- stored biometric data, auid wherein said 
identifying step compares, by said mobile pervasive device, said captured 
biometric data to said previously-stored biometric data in said 
locally- stored repository. 

17. The method according to any one of Claims 10 to 16, wherein said 
method is used to enable on-demand creation of a secure meeting site by 
repeating operation of said capturing step and said identifying step for 
each of a plurality of meeting attendees. 

18. The method according to any one of Claims 10 to 17, wherein said 
method is used to exchange a trusted message by performing operation of 
said capturing step and said identifying step wherein said third party is 
potential recipient of said trusted message. 

19. A product for using biometrics on pervasive devices for mobile 
identification, said product embodied on a medium readable by said 
pervasive device and comprising: 
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programmable code means for capturing biometric data of a third oarty 
using a biometric input reader which is attached to or incorporated wiUiin 
a mobile pervasive device; and 

programmable code means for identifying said third party using said 
captured biometric data by comparing said captured biometric data to 
previously- stored biometric data. 

20. The computer program product according to Claim X9, further 
con^rising : 

programmable code means for transmitting said captured biometric data 
from said mobile pervasive device to a remote server; 

programmable code means for retrieving, by said remote server, 
information from a repository using said transmitted biometric data; and 

programmable code means for returning said retrieved information to 
said mobile pervasive device. 

21. The computer program product according to Claim 20. wherein said 
retrieved information comprises a photograph of a party to whom said 
biometric data corresponds. 

22. The computer program product according to Claims 20 or 21, wherein 
said retrieved information comprises access rights of a party to whom said 
biometric data corresponds. 

23. The product according to Claims 20, 21 or 22 wherein said retrieved 
information comprises protected information not locally accessible to said 
mobile pervasive device. 

24. The computer program product according to any one of Claims 20 to 23, 
further comprising: 

programmable code means for filtering, by said remote server, said 
retrieved information based upon a determined identity of said third party; 
and 



wherein said returned retrieved information is said filtered 
retrieved information. 
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25. The con^uter program product according to any one of Claims 19 to 24, 
wherein said mobile pervasive device further comprises a locally- stored 
repository containing said previously- stored biometric data, and wherein 
said programmable code means for identifying compares, by said mobile 
pervasive device, said captured biometric data to said previously- stored 
biometric data in said locally-stored repository. 

26. The computer program product according to any one of Claims 19 to 25, 
wherein said con^uter program product is used to enable on-demand creation 
of a secure meeting site by repeating operation of said programmable code 
means for capturing and said programmable code mesms for identifying for 
each of a plurality of meeting attendees. 

27. The computer program product according to cuiy one of Claims 19 to 26, 
wherein said computer program product is used to exchange a trusted message 
by performing operation of said programmable code mesms for capturing and 
said programmable code means for identifying wherein said third party is a 
potential recipient of said trusted message. 
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